If you have not heard of a Cyber Insurance Primer and you deal with clients, customers, consumers, or the public collecting any of their private information digitally or in hard copy, it may be time to consider one. A Cyber Insurance Primer is meant to protect businesses from data breaches to their computer, storage, or online data. Have you thought of what might happen if your customer’s information was stolen?
The most common form of protection is a third party liability protection within a normal cyber insurance primer. This protection usually takes the form of “privacy protection” of a company’s customer’s private information liability coverage. It is also referred to as network security or privacy liability coverage. These terms in a cyber-policy usually cover alleged liability for the policyholder against negligence, human errors, and even breach of duty to a third-party in regards to the storing or maintaining records of personal information.
These records are often the records as regulated by state and federal regulations that require personal privacy to be maintained. Even more important for you to understand is that this coverage is not specific to computers or online storage, but can cover all data breaches, physical or online. This type of coverage essentially covers the policy holder from any unauthorized breach or access of the owner’s own computer systems in general.
The most talked about data leaks or breaches in the media such as the Sony or Target breaches are of this nature (read about the breaches here and here). Unfortunately, typical commercial liability or professional liability coverages almost never cover these types of breaches and their resultant lawsuits. With these high profile cases specifically getting media coverage, most insurers are now explicitly excluding cyber breaches from their coverage.
First-party is another type of coverage that most cyber insurance policies also include in their coverages. They are most often referred to as crisis management, network interruption, or data breach coverage policies with some even providing protection against regulatory proceedings.
Although, high profile data breaches rarely result in large-scale losses, there is considerable loss in regards to the actual management of the situation and repairing any reputation damage after the breach. These expenses are harder to quantify but can ultimately be more expensive than direct losses or punitive lawsuits. If your “brand” and reputation are tarnished because of a data breach, it can often take years to repair a consumer’s confidence in your ability to protect their information. This is the case even if it can technically be repaired in a quick amount of time.
Lastly, remember that this field of insurance is fairly new to the industry, and there are no standards among insurers at this point. You could call it the Wild West of the insurance industry. Regulations or industry standards for coverage do not exist. Ensure that you carefully read any policy and ensure that all the coverage points you need are included.